Hello, I am having a hard time trying to differentiate risks from nonconformity in practice. I understand the concepts in theory but when I'm trying to identify risks I come up with nonconformities that has happened before and might happen again, so I don't know if I'm on the right track. In short, my confusion is if a risk is strictly something that has not happened before or if it can be something that has already happened and can happen again? I am using a simpler version of FMEA to implement the Risk Management Approach of ISO 9001:2015, in which I identify the risks, effects, possible causes, probability, impact and action plan. Thanks!